Multiple vulnerabilities in Cisco Small Business RV110W, RV130, RV130W and RV215W Routers
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 35 |
| CVE-ID | CVE-2022-20899 CVE-2022-20893 CVE-2022-20894 CVE-2022-20895 CVE-2022-20896 CVE-2022-20897 CVE-2022-20898 CVE-2022-20900 CVE-2022-20891 CVE-2022-20901 CVE-2022-20902 CVE-2022-20903 CVE-2022-20904 CVE-2022-20910 CVE-2022-20911 CVE-2022-20912 CVE-2022-20892 CVE-2022-20890 CVE-2022-20873 CVE-2022-20880 CVE-2022-20874 CVE-2022-20875 CVE-2022-20876 CVE-2022-20877 CVE-2022-20878 CVE-2022-20879 CVE-2022-20881 CVE-2022-20889 CVE-2022-20882 CVE-2022-20883 CVE-2022-20884 CVE-2022-20885 CVE-2022-20886 CVE-2022-20887 CVE-2022-20888 |
| CWE-ID | CWE-119 CWE-77 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
RV110W Wireless-N VPN Firewall Hardware solutions / Routers for home users Cisco Small Business RV130 Series VPN Routers Hardware solutions / Routers for home users RV130W Wireless-N Multifunction VPN Router Hardware solutions / Routers for home users RV215W Wireless-N VPN Router Hardware solutions / Routers for home users |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU65718
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20899
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU65708
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20893
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU65709
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20894
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU65710
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20895
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU65711
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20896
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU65716
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20897
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU65717
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20898
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU65719
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20900
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU65706
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20891
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU65720
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20901
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU65721
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU65722
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20903
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU65723
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20904
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Command Injection
EUVDB-ID: #VU65703
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20910
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU65725
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20911
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU65727
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20912
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU65707
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20892
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU65705
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Command Injection
EUVDB-ID: #VU65684
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20873
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Command Injection
EUVDB-ID: #VU65691
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20880
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Command Injection
EUVDB-ID: #VU65685
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20874
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Command Injection
EUVDB-ID: #VU65686
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20875
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Command Injection
EUVDB-ID: #VU65687
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20876
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Command Injection
EUVDB-ID: #VU65688
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20877
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Command Injection
EUVDB-ID: #VU65689
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20878
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Command Injection
EUVDB-ID: #VU65690
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20879
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Command Injection
EUVDB-ID: #VU65692
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20881
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU65704
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send a specially crafted HTTP packet, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Command Injection
EUVDB-ID: #VU65694
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20882
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Command Injection
EUVDB-ID: #VU65695
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20883
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Command Injection
EUVDB-ID: #VU65696
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20884
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Command Injection
EUVDB-ID: #VU65698
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20885
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Command Injection
EUVDB-ID: #VU65699
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20886
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Command Injection
EUVDB-ID: #VU65700
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20887
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Command Injection
EUVDB-ID: #VU65701
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20888
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRV110W Wireless-N VPN Firewall: All versions
Cisco Small Business RV130 Series VPN Routers: All versions
RV130W Wireless-N Multifunction VPN Router: All versions
RV215W Wireless-N VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_small_business_rv130_series_vpn_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
