Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities

Vulnerability

The web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers is affected by multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2023-20149). These vulnerabilities stem from insufficient input validation by the web-based management interface. Affected firmware versions have not been specified in the advisory; Cisco has not released software updates to address these issues [1].

Exploitation

An unauthenticated, remote attacker can exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. The attacker does not require any prior authentication or network access beyond reaching the device's web interface. The attack relies on user interaction to trigger the payload [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This could lead to session hijacking, credential theft, or other client-side attacks against users of the management interface [1].

Mitigation

Cisco has not released software updates that address these vulnerabilities, and there are no workarounds that directly patch the flaw. To mitigate the risk, Cisco recommends disabling remote management on all affected models. For RV320 and RV325 routers, disable remote management. For RV016, RV042, RV042G, and RV082 routers, additionally block access to ports 443 and 60443. Detailed steps are provided in the advisory [1].

These mitigations limit exposure to the WAN, but the routers remain accessible via the LAN interface.