On Wednesday, August 3, 2022, Cisco disclosed two critical-severity vulnerabilities (CVE-2022-20842 and CVE-2022-20827) impacting RV160, RV260, RV340, and RV345 series small business routers. Both vulnerabilities are due to insufficient validation but differ in how they are exploited.
CVE-2022-20842 (CVSS 9.8 | Critical)
The vulnerability lies within the web-based management interface and could allow an unauthenticated, remote threat actor to execute arbitrary code as the root user or cause a denial-of-service (DoS) condition by sending crafted HTTP input to the vulnerable router.
CVE-2022-20827 (CVSS 9.0 | Critical)
The vulnerability lies within the web filter database update feature and could allow an unauthenticated, remote threat actor to perform command injection and execute commands with root privileges by submitting crafted input to the feature.
Both vulnerabilities were discovered and responsibly reported to Cisco by security researchers, and security patches are available to remediate them.
Affected Products:
- RV160 VPN Routers
- RV160W Wireless-AC VPN Routers
- RV260 VPN Routers
- RV260P VPN Routers with PoE
- RV260W Wireless-AC VPN Routers
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit POE VPN Routers
Threat actors have historically targeted Cisco RV series router vulnerabilities that result in similar execution and privileges, including CVE-2019-15271 and CVE-2022-20699. Furthermore, since the creation of the Known Exploited Vulnerabilities Catalog, CISA has added seven vulnerabilities impacting Cisco RV series routers to the catalog. We strongly recommend applying the relevant security patches to impacted devices to remediate the vulnerabilities and prevent potential exploitation.
Recommendation: Install Vendor Supplied Patches for Affected Products
We strongly recommend applying the latest relevant security patches to the impacted products as no workarounds are available. Security patches can be found via Cisco’s Support and Downloads page here: https://www.cisco.com/c/en/us/support/index.html
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.
| Cisco Product | Affected Releases | First Fixed Release |
| --- | --- | --- |
| RV160 and RV260 Series Routers | Earlier than 1.0.01.05 | Not vulnerable |
| RV160 and RV260 Series Routers | 1.0.01.05 | 1.0.01.09 |
| RV340 and RV345 Series Routers | Earlier than 1.0.03.26 | Not vulnerable |
| RV340 and RV345 Series Routers | 1.0.03.26 | 1.0.03.28 |
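
To triage a device inventory against the release table above, the following Python sketch is an added example (not code from Cisco or Arctic Wolf). The hostnames and inventory rows are constructed, and it assumes that any release from the listed affected release up to, but not including, the first fixed release is vulnerable.

```python
# Release ranges from the advisory table: (first affected, first fixed).
# Assumption: releases between the two bounds are treated as vulnerable.
AFFECTED = {
    "RV160/RV260": ((1, 0, 1, 5), (1, 0, 1, 9)),
    "RV340/RV345": ((1, 0, 3, 26), (1, 0, 3, 28)),
}
# Only the models named under "Affected Products" are mapped to a series.
SERIES = {
    **dict.fromkeys(("RV160", "RV160W", "RV260", "RV260P", "RV260W"), "RV160/RV260"),
    **dict.fromkeys(("RV340", "RV340W", "RV345", "RV345P"), "RV340/RV345"),
}

def parse_version(text):
    """Turn '1.0.03.26' into (1, 0, 3, 26) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, firmware):
    """Classify one device against the table."""
    series = SERIES.get(model.strip().upper())
    if series is None:
        return "not-listed"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # flag for manual review rather than guessing
    first_affected, first_fixed = AFFECTED[series]
    if version < first_affected:
        return "not-vulnerable"
    return "vulnerable" if version < first_fixed else "fixed"

def needs_patch(inventory):
    """Return hostnames whose firmware falls in the vulnerable range."""
    return [host for host, model, fw in inventory if assess(model, fw) == "vulnerable"]

# Constructed sample inventory: (hostname, model, firmware version).
INVENTORY = [
    ("branch-01", "RV340", "1.0.03.26"),
    ("branch-02", "RV260W", "1.0.01.09"),
    ("branch-03", "RV160", "1.0.00.17"),
    ("branch-04", "RV345P", "1.0.03.27"),
    ("branch-05", "RV320", "1.5.1.13"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(f"{host:10} {model:7} {fw:10} {assess(model, fw)}")
```

Devices reported as `unknown-version` or `not-listed` still need a manual check against Cisco's advisory, since the table covers only the series named here.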