Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV-series routers are vulnerable to stored XSS via insufficient input validation, with no patch available; only workarounds exist.
Vulnerability
The web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient input validation according to Cisco Security Advisory [1]. The vulnerable code path is reachable through HTTP requests to the management interface without authentication, allowing an attacker to inject malicious script code. Affected firmware versions are those running on the listed hardware models; no specific version numbers are provided in the reference, but all versions are believed to be vulnerable as no software updates addressing these issues have been released by Cisco [1].
Exploitation
An unauthenticated, remote attacker can exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user of the management interface to visit specific web pages that include the malicious payloads [1]. The attacker does not require prior authentication or special network position beyond reachability to the router's management interface. User interaction is required (the victim must browse the malicious page) for the script to execute in the context of the interface.
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information [1]. This could lead to session hijacking, credential theft, or further compromise of the management session. The impact is limited to the browser context; the attacker does not gain direct privileges on the device itself but can perform actions on behalf of the authenticated management user.
Mitigation
Cisco has not released software updates that address these vulnerabilities [1]. No workarounds exist, but mitigations are available: for RV320 and RV325 routers, disable remote management; for RV016, RV042, RV042G, and RV082 routers, disable remote management and block access to ports 443 and 60443 from WAN interfaces [1]. The advisory provides step-by-step configuration changes to implement these mitigations. These routers are not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the advisory date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.