Unrated severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

CVE-2024-20523

Description

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated admin-level remote attackers can cause DoS on Cisco Small Business RV042, RV042G, RV320, and RV325 routers via crafted HTTP request due to improper input validation.

Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers allows an authenticated, Administrator-level remote attacker to cause an unexpected device reload, leading to a denial of service (DoS) condition. The issue arises from improper validation of user input in incoming HTTP packets. All software releases for these models are affected [1].

Exploitation

An attacker must have valid Administrator credentials on the target device. The attacker then sends a crafted HTTP request to the web-based management interface, triggering the flaw [1].

Impact

Successful exploitation causes an unexpected reload of the affected device, resulting in a denial of service condition. This disrupts network operations until the device recovers [1].

Mitigation

Cisco has not released and will not release software updates because these products are past their End of Software Maintenance Releases dates. No workarounds are available [1].

References

Cisco Security Advisory: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Small Business RV042llm-fuzzy
Cisco Systems, Inc./Small Business Rv Series Router Firmwarecpe-rescue
Range: 4.0.2.08-tm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhVmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000