Unrated severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities

CVE-2024-20524

Description

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated Administrator-level remote attacker can cause a denial of service on Cisco Small Business RV042, RV042G, RV320, and RV325 routers by sending a crafted HTTP request.

Vulnerability

The vulnerability resides in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 routers. It is due to improper validation of user input in incoming HTTP packets. All software releases for these models are affected [1].

Exploitation

An attacker must have valid Administrator credentials on the target device. The exploit involves sending a specially crafted HTTP request to the web-based management interface. No additional user interaction is required beyond authentication [1].

Impact

Successful exploitation causes an unexpected reload of the affected device, resulting in a denial of service (DoS) condition. The attacker does not gain code execution or data access through this specific vulnerability [1].

Mitigation

Cisco has not released and will not release software updates to address this vulnerability because the affected products have reached their end of software maintenance. No workarounds are available [1].

References

Cisco Security Advisory: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Small Business RV042llm-create
Cisco Systems, Inc./Small Business Rv Series Router Firmwarecpe-rescue
Range: 4.0.2.08-tm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhVmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000