6.5
CVE-2024-20416
- EPSS 0.56%
- Veröffentlicht 17.07.2024 17:15:13
- Zuletzt bearbeitet 21.11.2024 08:52:35
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellercisco
≫
Produkt
rv340_dual_wan_gigabit_vpn_router_firmware
Default Statusunknown
Version <=
*
Version
1.0.03.24
Status
affected
Herstellercisco
≫
Produkt
rv345_dual_wan_gigabit_vpn_router_firmware
Default Statusunknown
Version <=
*
Version
1.0.03.24
Status
affected
Herstellercisco
≫
Produkt
rv345p_dual_wan_gigabit_poe_vpn_router_firmware
Default Statusunknown
Version <=
*
Version
1.0.03.24
Status
affected
Herstellercisco
≫
Produkt
rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware
Default Statusunknown
Version <=
*
Version
1.0.03.24
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.675 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.