CVE-2020-3332
Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsAttack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2020-3332 and every CVE in our database. Create a free account — no credit card required.
Create Free Account