Cisco Small Business RV Series Routers Vulnerabilities

Vulnerability

CVE-2022-20706 is a command injection vulnerability in the Plug and Play (PnP) feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers [1][2]. The flaw results from the lack of proper validation of a user-supplied string before using it to execute a system call [2]. Affected firmware versions are detailed in Cisco's advisory under the Fixed Software section [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability without any user interaction [2]. The specific flaw exists in the handling of firmware updates, where a specially crafted request containing an arbitrary command can be injected [2]. The attacker needs no authentication or prior access to the device [1][2].

Impact

Successful exploitation allows an attacker to execute arbitrary code with root privileges on the affected device [1][2]. This could lead to full compromise of the router, including the ability to execute commands, install unsigned software, elevate privileges, and bypass authentication [1]. The CVSS v3.1 base score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [2].

Mitigation

Cisco has released firmware updates to address these vulnerabilities; users should upgrade to the fixed versions specified in the Cisco Security Advisory [1]. No workarounds are available. The vulnerabilities were disclosed in conjunction with the Pwn2Own competition [2], and the advisory and fixes were published on February 10, 2022 [1].