CVE-2023-20250
Description
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack overflow in the web-based management interface of Cisco Small Business RV series routers allows authenticated remote attackers to execute arbitrary code with root privileges.
Vulnerability
A stack overflow vulnerability exists in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. The issue arises due to improper validation of requests sent to the interface. Affected firmware versions are those running on these devices at the time of disclosure (see advisory). [1]
Exploitation
An attacker must have valid Administrator credentials for the device. They can then send a crafted request to the web-based management interface over the LAN or WAN (if remote management is enabled). The crafted request triggers the stack overflow, leading to arbitrary code execution. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary code with root privileges on the affected device. This grants full control over the router, potentially leading to data exfiltration, further network compromise, or denial of service. [1]
Mitigation
Cisco has not released firmware updates at the time of this advisory. No workarounds are available. Users should monitor the Cisco Security Advisory for updates and consider disabling remote management if not needed. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: 1.0.0.30
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.