Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV routers are vulnerable to stored XSS via crafted HTTP requests due to improper input validation; no fix is available.
Vulnerability
The web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers contains multiple stored cross-site scripting (XSS) vulnerabilities [1]. These arise from insufficient input validation by the interface. An unauthenticated, remote attacker can exploit these by sending crafted HTTP requests to an affected device, then convincing a user to visit a specially crafted page that includes malicious payloads [1]. No software updates have been released by Cisco [1].
Exploitation
An attacker must be able to send crafted HTTP requests to the affected router's web management interface (no authentication required) [1]. The attacker then needs to persuade a user of the interface (e.g., an administrator) to access a specific web page containing the malicious payload — this is typically achieved through social engineering or by embedding the link in a phishing email [1]. The attack chain does not require prior access to the device. The vulnerability exists in the web-based management interface, so exploitation can occur over both LAN and WAN if remote management is enabled [1].
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected web management interface, or to access sensitive browser-based information (e.g., cookies, session tokens) of the legitimate user [1]. This could lead to takeover of the administrator session or leakage of configuration data. The scope of compromise is limited to the browser session of the interacting user; however, given that the victim is likely an administrator, the attacker could potentially perform actions within the session's privileges on the router [1].
Mitigation
Cisco has not released software updates that address these vulnerabilities, and they have stated that no workarounds exist [1]. For RV320 and RV325 routers, Cisco recommends disabling remote management via the web interface (Firewall > General > uncheck Remote Management) [1]. For RV016, RV042, RV042G, and RV082 routers, in addition to disabling remote management, administrators should block access to ports 443 and 60443 using access rules (Firewall > Access Rules) [1]. These mitigations prevent external attackers from reaching the vulnerable interface; however, internal LAN-based attacks are still possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.