Unrated severityNVD Advisory· Published Jul 21, 2022· Updated Nov 6, 2024

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

CVE-2022-20885

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated remote command execution and DoS in Cisco Small Business RV routers due to insufficient input validation; no fix available.

Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (all firmware versions) allow authenticated remote attackers to execute arbitrary code or cause a denial of service. The issues stem from insufficient validation of user fields within incoming HTTP packets [1].

Exploitation

An attacker must have valid Administrator credentials on the affected device. The attacker sends a crafted HTTP request to the web-based management interface, which is accessible via LAN or WAN if remote management is enabled (disabled by default) [1].

Impact

Successful exploitation grants root-level command execution or triggers an unexpected device restart, resulting in a denial of service condition [1].

Mitigation

As of the publication date (2022-07-21), Cisco has not released software updates addressing these vulnerabilities, and no workarounds are available [1].

References

Cisco Security Advisory: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./RV130llm-fuzzy
Cisco Systems, Inc./Rv110wllm-fuzzy
Cisco Systems, Inc./RV130Wllm-fuzzy
Cisco Systems, Inc./Small Business Rv Series Router Firmwarecpe-rescue
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAKmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000