Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated, remote attacker can exploit stored XSS flaws in Cisco Small Business RV-series routers by injecting malicious scripts via crafted HTTP requests, leading to arbitrary code execution in the context of the web management interface.
Vulnerability
Multiple stored cross-site scripting (XSS) vulnerabilities exist in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers [1]. The flaws stem from insufficient input validation by the interface, allowing an unauthenticated, remote attacker to inject arbitrary script code via crafted HTTP requests. Affected versions are those running firmware prior to any fix; as of the publication date (April 5, 2023), Cisco has not released software updates that address these vulnerabilities [1].
Exploitation
An attacker can exploit these vulnerabilities by sending specially crafted HTTP requests to an affected device and then persuading a user of the web-based management interface to visit specific web pages that include the malicious payloads [1]. No authentication is required to send the crafted requests; the attack relies on social engineering to trick an administrator or user into accessing the poisoned pages. No special network position is needed beyond remote reachability of the device's management interface.
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information [1]. This could lead to session hijacking, credential theft, or further compromise of the device and network. The attack operates at the privilege level of the user accessing the interface, potentially gaining administrative access if the victim is an administrator.
Mitigation
As of the advisory date (April 5, 2023), Cisco has not released software updates that address these vulnerabilities [1]. No workarounds exist to completely eliminate the XSS flaws. To mitigate exposure: for RV320 and RV325 routers, disable remote management; for RV016, RV042, RV042G, and RV082 routers, disable remote management and block access to ports 443 and 60443 on the WAN interface [1]. Detailed configuration steps (disabling remote management under Firewall > General, and creating access rules to deny HTTPS traffic on ports 443 and 60443) are provided in the advisory [1]. After implementing these mitigations, the routers remain accessible through the LAN interface.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.