Unrated severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

CVE-2024-20522

Description

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated administrator can trigger a denial of service on end-of-life Cisco Small Business RV042, RV042G, RV320, and RV325 routers by sending a crafted HTTP request.

Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers (all software releases) allows an authenticated, Administrator-level remote attacker to cause an unexpected reload of the affected device, resulting in a denial of service (DoS) condition. The issue is due to improper validation of user input in incoming HTTP packets [1].

Exploitation

An attacker must have valid Administrator credentials on the target device. The attacker sends a crafted HTTP request to the web-based management interface of the affected router. No other user interaction or special network position is required beyond network access to the management interface [1].

Impact

Successful exploitation causes the device to unexpectedly reload, resulting in a denial of service condition. The device becomes temporarily unavailable for legitimate users and management functions until it completes the reboot process. There is no code execution or data disclosure associated with this specific vulnerability [1].

Mitigation

Cisco has not and will not release software updates to address this vulnerability because the affected products are past their respective dates for End of Software Maintenance Releases. No workarounds are available. The recommended mitigation is to replace affected routers with a product that is still supported [1].

References

Cisco Security Advisory: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Small Business RV042, RV042G, RV320, and RV325 Routersllm-create
Cisco Systems, Inc./Small Business Rv Series Router Firmwarecpe-rescue
Range: 4.0.2.08-tm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhVmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000