Cisco RV Series Authentication Bypass / Command Injection | allinfosecnews.com

Feb. 14, 2023, 3:32 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

access attackers authentication authentication bypass business bypass cisco command command injection cve data directory directory traversal exploits firmware injection metasploit network pivot privileges routers rv series series session small business routers vulnerabilities vulnerability

More from packetstormsecurity.com / Packet Storm

Wireshark Analyzer 4.2.5 21 hours ago | packetstormsecurity.com

capture code commercial features +14

Packet Fence 13.2.0 21 hours ago | packetstormsecurity.com

abnormal access access control a network +21

SIPPTS 4.0 21 hours ago | packetstormsecurity.com

audit check devices protocol +13

Debian Security Advisory 5692-1 21 hours ago | packetstormsecurity.com

advisory arbitrary code code debian +18

Debian Security Advisory 5691-1 21 hours ago | packetstormsecurity.com

advisory arbitrary code browser clickjacking +16

Debian Security Advisory 5689-1 21 hours ago | packetstormsecurity.com

advisory arbitrary code aware chromium +19

Debian Security Advisory 5690-1 21 hours ago | packetstormsecurity.com

advisory click debian debian linux security +11

Ubuntu Security Notice USN-6766-2 21 hours ago | packetstormsecurity.com

action attacker conditions denial of service +16

Red Hat Security Advisory 2024-2852-03 21 hours ago | packetstormsecurity.com

advisory apache build developer +13

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Consultant/Senior Consultant – Categoria Protetta L. 68/99

@ BIP | Italy

View on infosec-jobs.com

SoC Security Architect, Platform Architecture

@ Apple | San Diego, California, United States

View on infosec-jobs.com

Cloud Engineer II- SOC Analyst

@ Insight Enterprises, Inc. | Gurugram Gurgaon HR, IN

View on infosec-jobs.com