Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities

Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities exist in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers (all firmware versions prior to any fix). The vulnerabilities are caused by insufficient input validation of user-supplied data by the interface, allowing injection of malicious scripts. No software updates have been released [1].

Exploitation

An unauthenticated, remote attacker can exploit these vulnerabilities by sending crafted HTTP requests to an affected device containing malicious payloads. The attacker must then persuade a user of the interface to visit specific web pages that include the injected payloads. The attacker does not require any prior authentication or local network access, as the management interface is exposed if remote management is enabled [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This could lead to session hijacking, credential theft, or other client-side attacks affecting the device administrator [1].

Mitigation

Cisco has not released software updates addressing these vulnerabilities. No workarounds are available. Mitigations involve disabling remote management and, for RV016, RV042, RV042G, and RV082 routers, also blocking access to ports 443 and 60443 on the WAN interface. To disable remote management, navigate to Firewall > General and uncheck Remote Management. To block ports, create access rules under Firewall > Access Rules to deny traffic from WAN sources. These steps will keep the router accessible via the LAN interface [1].