Unrated severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

CVE-2024-20517

Description

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated admin can cause a denial of service (DoS) by sending a crafted HTTP request to the web management interface of affected Cisco Small Business RV series routers.

Vulnerability

This vulnerability exists in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers. It is due to improper validation of user input in incoming HTTP packets. An authenticated Administrator-level attacker can trigger an unexpected device reload. All software releases for these models are affected. [1]

Exploitation

An attacker needs valid Administrator credentials and network access to the web-based management interface. By sending a crafted HTTP request, the attacker can cause the device to reload, resulting in a denial of service. [1]

Impact

Successful exploitation allows an attacker to cause a denial of service condition by abruptly reloading the device. The attacker does not gain code execution or data access, but the device becomes temporarily unavailable. [1]

Mitigation

Cisco has not released and will not release software updates because these products are past their End of Software Maintenance dates. There are no workarounds. Users should consider upgrading to supported products. [1]

References

Cisco Security Advisory: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Small Business RV042, RV042G, RV320, and RV325 Routersllm-fuzzy
Cisco Systems, Inc./Small Business Rv Series Router Firmwarecpe-rescue
Range: 4.0.2.08-tm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhVmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000