Cisco Small Business RV Series Routers Vulnerabilities
Description
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV340/RV345 series routers web interface input validation flaw allows unauthenticated remote code execution or denial of service.
Vulnerability
The vulnerability resides in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. It is due to insufficient validation of user-supplied input, allowing an attacker to send crafted HTTP requests to trigger arbitrary code execution or a device reload. All firmware versions prior to the fixed release are affected [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by sending specially crafted HTTP input to the affected device's web-based management interface. No authentication or user interaction is required. The attacker only needs network access to the management interface [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code as the root user on the underlying operating system, leading to full compromise of confidentiality, integrity, and availability. Alternatively, the attacker can cause the device to reload, resulting in a denial of service (DoS) condition [1].
Mitigation
Cisco has released software updates that address this vulnerability. Users should upgrade to the latest firmware version for their device. There are no workarounds that mitigate this vulnerability [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SURmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.