Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities

Vulnerability

The web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers is affected by multiple cross-site scripting (XSS) vulnerabilities, tracked as CVE-2023-20151. The flaws stem from insufficient input validation by the interface. An unauthenticated, remote attacker can exploit these by sending crafted HTTP requests to an affected device. The vulnerabilities exist across all firmware versions for these models, and Cisco has not released software updates to address them [1].

Exploitation

To exploit the vulnerabilities, an attacker must send malicious HTTP requests to the affected router. The attacker then needs to persuade a user of the web management interface to visit specific web pages that include the malicious payloads. No authentication is required for the initial request, but user interaction is necessary to trigger the XSS [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface. This could lead to access to sensitive, browser-based information (e.g., session tokens, credentials) or other actions that rely on the user's browser session. The impact is limited to the web management interface's context [1].

Mitigation

Cisco has not released and will not release software updates for these vulnerabilities, as the affected routers are end-of-life. No workarounds exist, but mitigations are available. For RV320 and RV325 routers, disable remote management via the web interface (Firewall > General > uncheck Remote Management). For RV016, RV042, RV042G, and RV082 routers, additionally block access to TCP ports 443 and 60443 from WAN interfaces by creating deny access rules. These steps limit exploitation to only LAN-side users [1].