Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple stored XSS vulnerabilities in Cisco Small Business RV series routers allow unauthenticated remote attackers to execute arbitrary script code in the context of the web-based management interface.
Vulnerability
CVE-2023-20147 describes multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers [1]. The vulnerabilities stem from insufficient input validation by the web-based management interface, allowing attackers to inject malicious scripts. All firmware versions prior to the date of the advisory (April 5, 2023) are affected [1]. Cisco has not released software updates that address these vulnerabilities.
Exploitation
An unauthenticated, remote attacker can exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user (such as an administrator) to visit specific web pages that include the malicious payloads [1]. No authentication or special network position beyond network access to the router's web interface is required. The attacker must induce the user to access a crafted link or page that triggers the stored XSS.
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information [1]. This could lead to session hijacking, credential theft, or further compromise of the router's configuration. The attacker does not gain direct control of the device but can perform actions within the scope of the victim's browser session.
Mitigation
Cisco has not released software updates that address these vulnerabilities [1]. No workarounds exist. To mitigate the risk, Cisco recommends disabling remote management and, for RV016, RV042, RV042G, and RV082 routers, also blocking access to ports 443 and 60443 [1]. The routers remain accessible through the LAN interface after mitigation. Disabling remote management is performed via Firewall > General and unchecking the Remote Management check box. Blocking ports 443 and 60443 requires creating custom services (TCP-60443) and access rules with Deny action for the WAN interface. For RV320 and RV325 routers, disabling remote management is sufficient [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.